CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,752 vulnerabilities with CWE-89
CVE-2023-3661 MEDIUM
AC Repair and Services System 1.0 - SQL Injection via Master.php id Parameter
CVSS 6.3
CVE-2023-3658 MEDIUM
AC Repair and Services System 1.0 - SQL Injection via Master.php id Parameter
CVSS 6.3
CVE-2023-3657 MEDIUM
AC Repair and Services System 1.0 - SQL Injection via Master.php id Parameter
CVSS 6.3
CVE-2023-2957 CRITICAL
Lisa Software Florist Site < 3.0 - SQL Injection
CVSS 9.8
CVE-2023-1547 CRITICAL
Parkmatik <02.01-a51 - SQL Injection
CVSS 9.8
CVE-2023-34133 HIGH
Sonicwall
CVSS 7.5
CVE-2023-3644 MEDIUM
Service Provider Management System 1.0 - SQL Injection via Master.php id Parameter
CVSS 6.3
CVE-2023-37628 CRITICAL
Online Piggery Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2023-37627 CRITICAL
Online Restaurant Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2023-37197 HIGH
StruxureWare Data Center Expert < 7.9.3 - Authenticated SQL Injection via Mass Configuration Settings
CVSS 8.8
CVE-2023-37196 HIGH
StruxureWare Data Center Expert < 7.9.3 - Authenticated SQL Injection via Alert Settings Tampering
CVSS 8.8
CVE-2023-3023 HIGH
WP EasyCart <5.4.10 - SQL Injection
CVSS 7.2
CVE-2023-3624 MEDIUM
Nesote Inout Blockchain FiatExchanger 3.0 - SQL Injection
CVSS 6.3
CVE-2023-26861 CRITICAL
PrestaShop vivawallet <1.7.10 - SQL Injection
CVSS 9.8
CVE-2023-3621 MEDIUM
IBOS OA 4.5.5 - SQL Injection via Delete Packet createDeleteCommand Function
CVSS 6.3
CVE-2023-3619 MEDIUM
SourceCodester AC Repair and Services System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3617 HIGH
SourceCodester Best POS Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2023-36293 HIGH
wmanager < 1.0.7 - SQL Injection via company.php Component
CVSS 7.5
CVE-2023-3045 CRITICAL
Tise Technology Parking Web Report <2.1 - SQL Injection
CVSS 9.8
CVE-2023-2852 CRITICAL
Softmed SelfPatron <2.0 - SQL Injection
CVSS 9.8
CVE-2023-2046 CRITICAL
Yontem Informatics Vehicle Tracking System < 8.0 - SQL Injection
CVSS 9.8
CVE-2023-29095 HIGH
David F. Carr RSVPMaker < 10.5.5 - SQL Injection
CVSS 7.6
CVE-2023-37270 HIGH
Piwigo < 13.8.0 - Authenticated SQL Injection via User-Agent HTTP Header
CVSS 7.6
CVE-2023-27845 CRITICAL
kerawen omnichannel_stocks < 1.4.1 - SQL Injection via KerawenHelper Components
CVSS 9.8
CVE-2023-33664 HIGH
ai-dev aicombinationsonfly <0.3.1 - SQL Injection
CVSS 8.8
Details
Vulnerabilities 19,752
Exploit Likelihood High